CVE-2024-7786

The Sensei LMS  WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
WPScanCNA
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
automatticsensei_lms
𝑥
< 4.24.2
automatticsensei_lms
𝑥
< 4.24.2
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/f44e6f8f-3ef2-45c9-ae9c-9403305a548a/